Re: mounting filesystems with "noexec"

Board: FB_security, Date: 2005/09/25 04:34
> > On 2005.09.23 22:55:56 +0100, markzero wrote:
> > With all that has been said so far, what is the actual point of
> > the noexec flag?
> >
>
> From mount(8) (yes I like quoting the docs. when we have them ;);) ):
>
>         This option is useful for a server that has file systems
>         containing binaries for architectures other than its own.

Sorry Simon and others,

Where has the least privilege principle gone? If there isn't any necessity to have
normal or suid binaries on a partition, why enable it?

Using it on a data-only partition with a chrooted application does not limit
any possible damage? Like file upload and execution using an application
security flaw could be stopped at some point.

Saying one can easily do privilege escalation (like ppl are saying) doesn't
eliminate the need of file permissions and other access policies.

Regards,

--aristeu

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article code (AID): #13DRXE00 (FB_security)
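The least-privilege point made in the message above can be checked mechanically. The following is an added example, not part of the original post: it audits fstab(5) text for data-only mount points that lack `noexec` or `nosuid`. The mount-point list, device names and sample fstab are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag data-only mount points in fstab(5) text that are
# missing noexec or nosuid. All names and the sample table are constructed.

# Assumption: mount points that should never hold executables.
DATA_MOUNTS="/tmp /var/www/uploads /var/spool/ftp /home/ftp"

# Constructed sample in FreeBSD fstab layout.
SAMPLE_FSTAB='# Device      Mountpoint        FStype  Options           Dump Pass
/dev/ad0s1a   /                 ufs     rw                1    1
/dev/ad0s1e   /tmp              ufs     rw,noexec,nosuid  2    2
/dev/ad0s1f   /var/www/uploads  ufs     rw,nosuid         2    2
/dev/ad0s1g   /var/spool/ftp    ufs     rw                2    2
/dev/ad0s1h   /usr              ufs     rw                2    2'

# audit_fstab FSTAB_TEXT "MOUNTPOINT ..."
# Prints one line per finding; prints nothing when every data mount is
# its own filesystem and carries both options.
audit_fstab() {
    printf '%s\n' "$1" | awk -v wanted="$2" '
        BEGIN {
            n = split(wanted, w, " ")
            for (i = 1; i <= n; i++) data[w[i]] = 1
        }
        /^[ \t]*#/ || NF < 4 { next }       # skip comments and short lines
        ($2 in data) {
            seen[$2] = 1
            opts = "," $4 ","               # pad so each option matches whole
            missing = ""
            if (index(opts, ",noexec,") == 0) missing = missing " noexec"
            if (index(opts, ",nosuid,") == 0) missing = missing " nosuid"
            if (missing != "") print $2 ": missing" missing
        }
        END {
            # The options apply per mount, so a data directory without its
            # own fstab entry inherits whatever its parent filesystem allows.
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) print w[i] ": no separate fstab entry"
        }'
}

audit_fstab "$SAMPLE_FSTAB" "$DATA_MOUNTS"
```

On a live host the same function can be fed the contents of `/etc/fstab`; it reports configuration only, so mounts changed at runtime need a separate look at `mount` output.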